Filter Data Sources
The Netskope tenant UI has an additional filter to help you narrow down what's displayed on all the primary pages based on the access method. Access method shows how the cloud app traffic was discovered in the Netskope Cloud. This could be Netskope Client, Secure Forwarder, iOS VPN (Mobile Profile), Network devices (for log uploads), and so on.
Navigate to Settings > General > Data Source > EDIT SOURCE and then select the data source to look for events specifically generated from these sources.
The following table is a sample of data sources. Your list may vary depending on your specific tenant set up.
Data Source | Definition |
|---|---|
All Data Sources | Select this radio button to enable all the data sources to collect events generated from all available data sources. |
Reverse Proxy | Events generated through Netskope's reverse proxy. Supported third party vendors include: Okta, Ping, ADFS, and OneLogin. |
Client | Events generated through the Netskope client installed on your user end points. |
proxysg | Events generated through Symantec's secure web gateway. |
Secure Forwarder | Events generated from Netskope's secure forwarder (software which encrypts and securely forwards events from on-premises devices to the Netskope secure cloud). May be associated with a Netskope appliance if you have them installed in your system. In addition, secure forwarder is one of the four modes by which Netskope's virtual appliance operates. |
Explicit Proxy | The Netskope proxy receives events from other web filters such as Blue Coat or Websense. |
Local Proxy | The Netskope proxy receives events from DP on-premises (inside the corporate firewall). |
Mobile Profile | Events generated through an MDM. Netskope supports the following types of MDM: MobileIron Cloud, MobileIron Core, AirWatch, Intune, and XenMobile. |
McAfee | Events generated from the Mcafee Web GW log collector. |
GRE | Events generated through a GRE tunneling protocol. A GRE capable router, like Cisco or Juniper, encapsulates a payload packet inside a GRE packet, which it then encapsulates in a transport protocol, such as IP. |
proxysg-http-main | Events generated through Symantec's secure web gateway HTTP main logs. |
API Connector | Events generated through API Data Protection. This list will vary based on your specific set up. Log in to your tenant and click API Data Protection for your list. |
asa | Events generated from Cisco-ASA log collector. Netskope supports log formats asa and asa-syslog. |
custom-CEF_Parser1 | Any custom parser you created that is tenant specific appears with 'custom-' as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic. |
custom-CEF_Parser2 | Any custom parser you created that is tenant specific appears with 'custom-' as a prefix to the parser name you provide. Typically, this is Risk Insights (OPLP) traffic. |
panw | Events generated from Palo Alto Networks log files. |
websense | Events generated from Websense (Forcepoint) web proxy. |